
Exploring Security Mechanism Using Identity Based Encryption & M RSA Within Cloud Environment


Abstract— Cloud computing is an attractive technology that provides computation services according to the needs of the user. It provides a platform on which data owners store data and users access that data with different rights. For security, a number of encryption techniques are used to protect the data transmitted between users in the cloud. Cloud providers also offer techniques such as public key infrastructure, identity based encryption (IBE), attribute based encryption (ABE), etc. to protect communication between users from attacks, under some assumptions. In this paper, a proposed system is discussed which can be used to protect data from such attacks. This proposed technique is a combination of identity based encryption (IBE) and m-RSA (mRSA) techniques for the cloud environment. Identity-based encryption (IBE), which simplifies the public key and certificate management of a public key infrastructure (PKI), is an important alternative to public key encryption. IBE is used to reduce certificate management during communication between users; this is done by using hash functions. The m-RSA technique is used to provide easy key generation and key management during communication and to remove some critical problems that exist in PKI.

Keywords: Identity based encryption, private key generator, key revocation, m-RSA, security mediator (SEM), key escrow.

I. INTRODUCTION

Cloud computing is a technology considered to be the next generation architecture of IT organizations. In the computation field, there are a number of ways of sharing and parallelizing resources to improve performance and utilize available resources. Cloud computing is a platform for data storage, processing and delivery in which available resources are given virtually to the clients on demand [1]. Cloud computing is a model which provides computation services and network access to a pool of shared computing resources on demand, with minimal management effort and without service provider interaction [2].

Cloud computing provides services to users without their knowing the physical location and configuration of the systems that deliver these services. This takes the form of Web based tools that clients can access through the Internet. These applications and data are stored at a remote location. The computing and storage resources are unified at a remote data center location [3].

Fig. 1: Services provided by Cloud Computing

Cloud Computing provides three types of services [4]:

A. Software-as-a-Service (SaaS)

Software runs on computers and is managed by the SaaS provider. The software is accessed over the public Internet and generally offered on a monthly or yearly subscription.

B. Product-as-a-Service (PaaS)

It provides a development platform on which users develop applications using the tools provided by the PaaS provider, tools they already know how to use. They then deploy the application to the PaaS provider's cloud. It provides the core cloud competences that are required to develop applications on the cloud.

C. Infrastructure-as-a-Service (IaaS)

It provides provision of network, processing and other resources where the user can deploy and run applications. Compute, storage, networking, and other elements (security, tools) are provided by the IaaS provider. Users own and manage the operating systems, applications, and information running on the infrastructure and pay by usage.

Cloud computing technology and services can be deployed in a number of ways according to their purpose and characteristics. Cloud deployment is categorized in four ways as follows [3].

Kapil Patel (1), Sunil Gupta (2)

(1) Research scholar; (2) Asst. Professor, Computer Science Engineering Department,

D. Private Cloud

In this model of cloud, the infrastructure is deployed and operated privately by an organization, and all the resources can be owned, maintained and controlled by it alone. It may also be managed or hosted by a third party.

E. Community Cloud

In this cloud, the infrastructure is deployed on shared web space and operated jointly by several organizations, supporting a specific community with common approaches, demands and usage.

F. Public Cloud

In this cloud, the infrastructure is available to the general public or to a large group of different kinds of organizations. Clients can access services without any control and at a specific rent. A client's services and data can be co-located with those of other users.

G. Hybrid Cloud

In this cloud, the infrastructure can be a combination of public, private and community cloud infrastructure. This combination of two or more clouds has unique characteristics, entities and benefits for the users, so programs and data can be transferred from one system to another.

Fig.2 Deployment Models of Cloud

II. IDENTITY BASED ENCRYPTION

Cloud computing is used to store and transfer large amounts of data, so security of that data is the main concern. An intruder can attack ongoing communication or storage devices and damage the system in different ways, and a number of attacks are possible. To prevent such attacks, identity based cryptography is used, which comprises encryption, key agreement and digital signature.

Before identity based cryptography (IBE), Public Key Infrastructure (PKI) was used, in which a Certificate Authority is responsible for managing the credentials of users through certificates. The Certificate Authority verifies the user's certificate before each message is started and stores information related to the user, its misbehavior and all other actions. This creates communication overhead and storage overhead for each user.

To solve this PKI problem, IBE was introduced. It is a public key encryption mechanism in which the public key is generated from the user's mail address or IP address instead of randomly. The corresponding private key is generated by the Private Key Generator (PKG), which also has knowledge of the master key, and that private key is given to the user. One advantage of IBE is key management, because key distribution and key revocation are not required. IBE does not require a digital certificate to confirm a public key.

IBE has the problem of key escrow: the private key of the user is known to the PKG, so the PKG centre can easily decrypt messages and copy the signature of any user. There is no privacy or authenticity. There must also be a secure channel between the user and the PKG centre [5].

IBE is basically a composition of four basic algorithms. Setup() generates global parameters and a master key. Extract() uses the master key to generate the private key from the public key ID string. Encrypt() generates the cipher text using the public key ID. Decrypt() decodes the cipher text using the private key [7].

There are some benefits from the use of IBE. First, it eases the management of public keys and the use of private keys, because the sender does not require a certificate every time it sends a message. Second, users' certificates are easy to manage, as they are easily granted by the KGC; it also does not require secure distribution of public keys. Third, it supports encryption with keyword search: if the receiver wants to find messages by a search keyword, the sender simply encrypts that search keyword in addition to the message. When the message is received, the receiver gets the private key for that search keyword and gets all the encrypted messages along with that search keyword. IBE also reduces the computational cost of encryption because cryptography is conducted offline, without the Key Generation Centre. Identity based encryption changes the process of obtaining a public key by constructing a one-to-one mapping between identities and public keys [8].

However, one main drawback of IBE is that it does not support fine-grained revocation of keys, because revocation is done through a Certificate Revocation List, which is not available in IBE.

IBE algorithms have been introduced against chosen plain text attack and chosen cipher text attack either under random oracle models, using hash functions to generate keys, or without the random oracle model, using different parameters to generate keys.

III. M-RSA BASED ON IDENTITY


and the Security Mediator (SEM). The main idea behind M-RSA is to split the private key: one part is given to the user and the other is given to the SEM. The SEM is an online semi-trusted server; when a user wants to encrypt or decrypt a message, a token must be obtained from the SEM. The SEM is scalable and can serve many users. The private key is not held by any one party, either SEM or user, and this is transparent to the outside: whoever uses the public key knows that half of the private key cannot be used to decrypt a message [9].

M-RSA provides fast and fine-grained control of users' security parameters. M-RSA also relies on public key certificates to derive the public key. M-RSA has a simple key revocation scheme, in which the administrator instructs the SEM to stop issuing the key to a particular user for the public key. From that time, that user's encryption/decryption privileges are revoked [10].

M-RSA based on identity provides security based on user identity. To generate the public key of a recipient, a public key mapping function is used, which performs a one-to-one mapping from identity strings to public keys. It uses a single common RSA modulus for all users. This modulus can be public and is contained in the public key certificate issued by the Certificate Authority. The current identity based mRSA works under the assumption that the Security Mediator (SEM) is never compromised. We stress that using the same modulus by multiple users in a normal RSA setting is utterly insecure. It is subject to a trivial attack whereby anyone, utilizing knowledge of a single key pair, can simply factor the modulus and compute the other user's private key [11].
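The shared-modulus warning above, worked through as an added example (not code from the paper or its references): one complete (e, d) pair, which is what a user half and a SEM half give when combined, factors the common modulus and so yields any other user's exponent. The toy primes, the exponents 65537 and 17, and the function names are constructed for illustration.

```python
import math
import random

# Constructed toy parameters: two small safe primes and the modulus all users share.
P, Q = 2039, 2063
N, PHI = P * Q, (P - 1) * (Q - 1)


def factor_from_key_pair(n, e, d, seed=0):
    """Factor n given a single valid (e, d) pair under modulus n."""
    rng = random.Random(seed)
    r, t = e * d - 1, 0  # e*d - 1 is a multiple of the order of every unit mod n
    while r % 2 == 0:
        r, t = r // 2, t + 1
    while True:
        g = rng.randrange(2, n - 1)
        if math.gcd(g, n) > 1:  # lucky hit: g already shares a factor with n
            p = math.gcd(g, n)
            return tuple(sorted((p, n // p)))
        x = pow(g, r, n)
        for _ in range(t):
            y = pow(x, 2, n)
            if y == 1 and x not in (1, n - 1):  # non-trivial square root of 1
                p = math.gcd(x - 1, n)
                return tuple(sorted((p, n // p)))
            x = y


def exponent_for(n, known_e, known_d, target_e):
    """Private exponent of another identity, derived from one complete pair."""
    p, q = factor_from_key_pair(n, known_e, known_d)
    return pow(target_e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    e_a, e_b = 65537, 17     # constructed public exponents of two users
    d_a = pow(e_a, -1, PHI)  # the one complete pair that became known
    print(factor_from_key_pair(N, e_a, d_a), exponent_for(N, e_a, d_a, e_b))
```
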

To send an encrypted message, the sender first computes the exponent from the recipient's identity value. This exponent and the modulus are then treated as an RSA public key and used to encrypt the message.

Basically three algorithms are used: key generation by the Certificate Authority, encryption and decryption, which are described as follows [12].

A. System Setting and Key Generation

In the initialization phase, a trusted party (CA) sets up the RSA modulus for all users in the same system. First, the CA chooses, at random, two large primes p′ and q′ such that p = 2p′ + 1 and q = 2q′ + 1 are also prime. Then it computes n = p·q. A randomly chosen number in Zn has negligible probability of not being relatively prime to Φ(n). The public exponent is set to be the email address represented as a binary string. It is assumed that the email address is at most 8 bits shorter than the size of the RSA modulus. One private key is issued to the user who wants to decrypt a message that came from x, and another private key is issued to the SEM server. A domain or system wide certificate is issued by the CA after completion of this algorithm. That certificate contains the common part of the mail address and the common modulus for all users.

B. Encryption

To encrypt the message, the sender needs the organization certificate. From the certificate the sender can recover the common modulus. Here, the certificate is actually not required for the encryption process or to check whether the intended receiver is the correct public key holder. If any user needs to be revoked, the manager notifies the appropriate SEM not to issue the public or private key of the revoked user to any user.

C. Decryption

The decryption process is identical to M-RSA. The receiver first requests the SEM to send the other half of the private key. After receiving the request, the SEM checks whether the receiver is valid by checking its certificate. If the receiver is not revoked, the SEM calculates its private key and sends it to the user. Concurrently, the user also calculates its private key. Then, by combining both private keys, the user decrypts the encrypted message.

The current system, M-RSA based on identity, has one problem: it needs a CA and requires certificates to be confirmed, with the management overhead of certificate revocation. If the assumption about the SEM is wrong, the system can also become unstable.

IV. PROPOSED SYSTEM

The proposed system, Identity Based Encryption with M-RSA (IBE-mRSA), is intended to provide better security for data in Software-as-a-Service of cloud computing. IBE-mRSA will provide integrity and confidentiality to the communication system in a SaaS cloud. It is based on the public key encryption algorithm M-RSA and the basic identity based cryptography scheme.

The IBE-mRSA scheme is designed to prevent Indistinguishable Identity Chosen Cipher text attack, Indistinguishable Identity Chosen Plain text attack and Denial of Services by providing integrity and confidentiality.

This IBE-mRSA scheme uses bilinear mapping of two large prime numbers from the two sets of prime numbers. It also has four functions, setup, key generator, encryption and decryption, as follows.

Setup ( )

It uses a single hash function. It takes the identity of the receiver and a random master key. The setup function has:

- Take random s, which is the master key of prime order q.

Keygen ( )

In key generation, the keygen procedure takes the public key from the setup procedure and generates the private keys for the Security Mediator (SEM) and for the user who receives the message. It is based on the standard RSA procedure:

Let k be the security parameter.

Generate random k/2-bit primes p′ and q′ such that p = 2p′ + 1 and q = 2q′ + 1 are also prime.

n ← pq, e ( ) , such that

d ← e^-1 mod ( )

For each user (x),

s ← k - | Pid | - 1

e_x ← 0^s || Pid || 1

d_x ← 1 / e_x mod ( )

d_x,u ← Zn ⊕ 1 – {0}

d_x,sem ← (d – d_x,u) mod ( )

The output is the private key for the user and for the Security Mediator, the security parameter, and the modulus n.

A. Encryption ( )

In the encryption procedure, the public key is taken from the setup function, and the modulus and exponent from the key generator procedure. Using the public key, the exponent is calculated at encryption time. That exponent and the modulus are treated as a public key, just as in IB-mRSA, and are used to encrypt the message.

Public Key Pid, Security Parameter k and Modulus n are taken as input.


- Retrieve Pid from Setup procedure.

- s ← k - | Pid | - 8

- e ← 0^s || Pid || 1

- Encrypt message m with (e, n) using standard RSA technique.

Output will be Encrypted Message m′.

B. Decryption ( )

In the decryption procedure, when the user receives the encrypted message, he sends the encrypted message to the SEM to request the private key. The SEM checks whether the user is revoked. If not, the SEM replies with the private key for that user. In parallel, the user also calculates his own private key. After receiving the private key, the user combines both private keys and decrypts the message.

It takes an encrypted message as input and then proceeds as follows.

USER: m′ = encrypted message

USER: sends m′ to SEM

In parallel,

SEM: If USER revoked, return (ERROR)

SEM: PD_sem ← m′^d_sem mod n

SEM: Send PD_sem to USER

USER: PD_u ← m′^d_u mod n

USER: M ← (PD_sem · PD_u) mod n

USER: If succeed, return (m)

It gives a decrypted message m as output.

Fig. 3: Sequence of Operations in IBE-mRSA.
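The Keygen, Encryption and Decryption steps above, run end to end as an added example (not the authors' code), including the SEM refusing a revoked user. It assumes a 64-bit toy modulus, Pid taken as the first 48 bits of SHA-256 of the identity, unpadded RSA, and the per-user exponent as the value that is split; `SEM`, `split_key` and the other names are hypothetical.

```python
import hashlib
import math
import secrets

K = 64  # toy modulus size in bits (assumption); far too small for real use

def is_prime(n):
    """Trial division; adequate only for the 32-bit toy primes used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % f for f in range(3, math.isqrt(n) + 1, 2))

def safe_prime(bits):
    """Random p = 2p' + 1 with p and p' both prime, as Keygen requires."""
    while True:
        pp = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(pp) and is_prime(2 * pp + 1):
            return 2 * pp + 1

def setup(k=K):
    """Return the common modulus n (public) and phi(n) (known to the key issuer)."""
    p = q = safe_prime(k // 2)
    while q == p:
        q = safe_prime(k // 2)
    return p * q, (p - 1) * (q - 1)

def public_exponent(identity):
    """e = 0^s || Pid || 1, Pid = first 48 bits of SHA-256(identity) (assumption)."""
    pid = int.from_bytes(hashlib.sha256(identity.encode()).digest()[:6], "big")
    return (pid << 1) | 1  # the s leading zero bits are implicit in an integer

def split_key(identity, n, phi):
    """Split the user's private exponent into a user half and a SEM half."""
    d = pow(public_exponent(identity), -1, phi)  # ValueError if e is not invertible
    d_user = secrets.randbelow(n - 1) + 1        # random element of Z_n - {0}
    return d_user, (d - d_user) % phi

class SEM:
    """Hypothetical security mediator holding one half-key per identity."""
    def __init__(self, n):
        self.n, self.halves, self.revoked = n, {}, set()

    def partial_decrypt(self, identity, c):
        if identity in self.revoked:
            raise PermissionError(f"{identity} is revoked")
        return pow(c, self.halves[identity], self.n)  # PD_sem = c^d_sem mod n

def encrypt(m, identity, n):
    return pow(m, public_exponent(identity), n)  # unpadded RSA, illustration only

def decrypt(c, identity, d_user, sem):
    pd_sem = sem.partial_decrypt(identity, c)  # refused once the user is revoked
    pd_user = pow(c, d_user, sem.n)            # PD_u = c^d_u mod n
    return (pd_sem * pd_user) % sem.n

if __name__ == "__main__":
    n, phi = setup()
    sem, who = SEM(n), "alice@example.com"  # constructed identity
    d_user, sem.halves[who] = split_key(who, n, phi)
    print(decrypt(encrypt(42, who, n), who, d_user, sem))
```

Revocation here is a single set insertion on the SEM side: the user's half-key is unchanged, but without PD_sem it no longer yields the plaintext.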

In the proposed system, the key escrow problem of IBE in the cloud environment is solved by dividing the key between the SEM and the user. The SEM and the user also never cheat one another, because neither has knowledge of the other's key. Public key infrastructure is not required for the key mapping functionality in the proposed system, so the certificate verification process is not required, which decreases the computational time. This is a potential advantage of the proposed system.

V. CONCLUSION

The proposed system works in the SaaS environment of the cloud, and increases the efficiency, integrity and performance of the cryptographic method. It solves the probable key escrow problem of IBE by separating the private key between the SEM and the user. This system will remove the overhead of constantly using the Public Key Generator during communication. It makes the key revocation procedure easy for users.

However, it is not yet clear whether it will work without the random oracle model, such that computation time can be reduced further. In addition, the key generator function takes more time than the standard RSA technique.

REFERENCES

[1] Kazi Zunnurhain, Susan V. Vrbsky, “Security in Cloud Computing”, International Conference on Security and Management (2011).

[2] Juhi Sharma, Kshitiz Saxena, “Cloud Security Challenges”, International Journal Computer Science and Information Technologies (2012), Vol. 3(3), 4514-4515.

[3] N. Sainath, Vikram Narayandas, S. Jaykrishna, N. Aravind, “Analysis of Cloud Computing Security Considerations for Infrastructure as a Service”, International Journal of Engineering Research and Application (IJERA) (2012), Vol. 2(2), 451-456.

[4] … Environment: A Review”, Journal of Emerging Trends in Computing and Information Science (2012), Vol. 3(3), 390-394.

[5] Byoungcheon Lee, Colin Boyd, Ed Dawson, Kwangjo Kim, Jeongmo Yang, Seungjae Yoo, “Secure Key Issuing in ID-Based Cryptography”, Australasian Information Security Workshop (2004).

[6] M. Chaudary Gorantla, Raju Gangishetti and Ashutosh Saxena, “A survey on ID-Based Cryptographic Primitives”.

[7] Dan Boneh and Matthew Franklin, “Identity-Based Encryption from the Weil Pairing”, SIAM J. of Computing (2003), Vol. 32(3), 586-615.

[8] Alexandra Boldyreva, Vipul Goyal, Virendra Kumar (2008), “Identity-based Encryption with Efficient Revocation”, 14th ACM Conference on Computer and Communications Security.

[9] Sherman S.M. Chow, Colin Boyd, Juan Manuel González Nieto, “Security-Mediated Certificate-less Cryptography”.

[10] Satoshi Koga, Kenji Imamoto, Kouichi Sakurai, “Enhancing Security of Security-Mediated PKI by One-time ID”.

[11] Xuhua Ding, Gene Tsudik (2003), “Simple Identity-Based Cryptography with M-RSA”, CT-RSA, LNCS 2612, Pages 192-209.
